My Lords, like the noble Baroness, Lady Harding, I shall focus on crime rather than security. I support the Bill because it will reduce the number of victims of crime. Evidence of location obtained from use of a mobile device can be vital in a rape case, in domestic violence, or where, say, an older man has absconded with a young girl. These are all real examples. The powers defined in the Bill are limited, targeted and proportionate, and the safeguards convincing. However, while welcoming the Bill, I wish only that it went further.
It is a commonplace now to assert that crime is reducing, but I strongly suspect that it is not. Rather, crime is migrating from the physical to the digital world where it mostly remains unrecorded and undetected. The internet offers enormous advantages to the organised, persistent offender. Would-be criminals can readily hide their identity. They can troll and threaten anonymously. They can cast a million flies on the water with a phishing email soliciting PIN codes and account details from the unsuspecting. Paedophiles can operate with impunity in the secure bastion of the dark web. Thousands of credit card details can be purchased in that evil digital marketplace, too, stolen in skilful raids which take advantage of weaknesses in the cyberdefences of major corporations. Anarchists can and do mount denial-of-service attacks on institutions, powered unknowingly by malware secreted onto the computers of thousands of innocent users.
Most attacks are hidden and unreported, but we all recall the attack on TalkTalk, about which the noble Baroness, Lady Harding, has spoken, and which reportedly cost the company £60 million. Last year, malware was lodged within the systems of the Bangladesh Bank, and its internal processes observed over time. Earlier this year, during a public holiday, instructions were given by fraudsters to transfer just under $1 billion out of the bank. This was thwarted because, as is so often the case—we see it in phishing emails which reach the House of Lords—the fraudsters misspelled a word in the order, and the fraud was spotted by Deutsche Bank, though not before $80 million was lost and remains unrecovered.
Until recently, I was chairman of PayPal Europe, where I witnessed at first hand the gigantic scale of online fraud. Much of it is cross-frontier; barely any is investigated by law enforcement agencies, and little is prosecuted. I read a wonderful book recently, by an American historian, about Tombstone, Arizona, in the 19th century, when the discovery of a silver lode created a town virtually overnight in a part of the frontier that had been lawless. The internet is still a wild, untamed frontier with a plenitude of outlaws; and a latter-day Wyatt Earp is yet to emerge to bring us law and order. We do not know the full cost to the UK economy, and others, of online fraud but, from my own experience, I suspect that it runs into tens of billions. During my 10 years at PayPal, I saw multiple attempts to persuade Governments to tackle fraud, and they come to naught. I note that the estimable Sir Nigel Sheinwald has recommended that the UK should lead the way in developing agreements to foster global co-operation in fighting cybercrime. I concur, but at the same time note the terrible irony of that statement as our country prepares to leave the best possible stage for mounting and winning that argument in exchange for a bit-part role.
Although the Bill is a welcome, if small, step towards taking law enforcement further into the digital universe, I urge the Minister to bring due focus and energy, and proportionate measures within government, to fighting the full and value-destructive extent of crime committed by digital means.